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Certificate ::= SEQUENCE {
    tbsCertificate      TBSCertificate,
    signatureAlgorithm  AlgorithmIdentifier,
    signature           BIT STRING }



TBSCertificate ::= SEQUENCE {
    version               [0] Version DEFAULT v1,
    serialNumber              CertificateSerialNumber,
    signature                 AlgorithmIdentifier,
    issuer                    Name,
    validity                  Validity,
    subject                   Name,
    subjectPublicKeyInfo      SubjectPublicKeyInfo,
    issuerUniqueID        [1] IMPLICIT UniqueIdentifier OPTIONAL,
    subjectUniqueID       [2] IMPLICIT UniqueIdentifier OPTIONAL,
    extensions            [3] Extensions OPTIONAL }



Version ::= INTEGER { v1(0), v2(1), v3(2) }



CertificateSerialNumber ::= INTEGER



Validity ::= SEQUENCE {
    notBefore  Time,
    notAfter   Time }

Time ::= CHOICE {
    utcTime      UTCTime,
    generalTime  GeneralizedTime }



UniqueIdentifier ::= BIT STRING



SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm         AlgorithmIdentifier,
    subjectPublicKey  BIT STRING }



Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension 



Extension ::= SEQUENCE {
    extnID     OBJECT IDENTIFIER,
    critical   BOOLEAN DEFAULT FALSE,
    extnValue  OCTET STRING }
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AttributeCertificate ::= SEQUENCE {
    acinfo              AttributeCertificateInfo,
    signatureAlgorithm  AlgorithmIdentifier,
    signatureValue      BIT STRING
}



AttributeCertificateInfo ::= SEQUENCE {
    version                 AttCertVersion DEFAULT v1,
    holder                  Holder,
    issuer                  AttCertIssuer,
    signature               AlgorithmIdentifier,
    serialNumber            CertificateSerialNumber,
    attrCertValidityPeriod  AttCertValidityPeriod,
    attributes              SEQUENCE OF Attribute,
    issuerUniqueID          UniqueIdentifier OPTIONAL,
    extensions              Extensions OPTIONAL
}



AttCertVersion ::= INTEGER { v1(0), v2(1) }



Holder ::= SEQUENCE {
    baseCertificateID  [0] IssuerSerial OPTIONAL,
        -- the issuer and serial number of
        -- the holder's Public Key Certificate
    entityName         [1] GeneralNames OPTIONAL,
        -- the name of the claimant or role
    objectDigestInfo   [2] ObjectDigestInfo OPTIONAL
        -- if present, version must be v2
}



ObjectDigestInfo ::= SEQUENCE {
    digestedObjectType  ENUMERATED {
        publicKey         (0),
        publicKeyCert     (1),
        otherObjectTypes  (2) },
            -- otherObjectTypes MUST NOT
            -- be used in this profile
    otherObjectTypeID   OBJECT IDENTIFIER OPTIONAL,
    digestAlgorithm     AlgorithmIdentifier,
    objectDigest        BIT STRING
}
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AttCertIssuer ::= CHOICE {
    v1Form  GeneralNames,   -- v1 or v2
    v2Form  [0] V2Form      -- v2 only
}



V2Form ::= SEQUENCE {
    issuerName         GeneralNames OPTIONAL,
    baseCertificateID  [0] IssuerSerial OPTIONAL,
    objectDigestInfo   [1] ObjectDigestInfo OPTIONAL
    -- at least one of issuerName, baseCertificateID
    -- or objectDigestInfo MUST be present
}

IssuerSerial ::= SEQUENCE {
    issuer     GeneralNames,
    serial     CertificateSerialNumber,
    issuerUID  UniqueIdentifier OPTIONAL
}



AttCertValidityPeriod ::= SEQUENCE { 

notBeforeTime GeneralizedTime, 
notAfterTime GeneralizedTime 

} 



Attribute ::= SEQUENCE {
    type    AttributeType,
    values  SET OF AttributeValue
        -- at least one value is required
}

AttributeType ::= OBJECT IDENTIFIER 



AttributeValue ::= ANY DEFINED BY AttributeType 

FIG. 5C 

(PRIOR ART) 



PKCIocator ::= SEQUENCE { 

holderPKCIocator [0] GeneralNames OPTIONAL, 
authorityPKCIocator [1] GeneralNames OPTIONAL 

} 

wherein GeneralNames is defined by IETF RFC2459 as 
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName 



GeneralName ::= CHOICE {
    otherName                  [0] OtherName,
    rfc822Name                 [1] IA5String,
    dNSName                    [2] IA5String,
    x400Address                [3] ORAddress,
    directoryName              [4] Name,
    ediPartyName               [5] EDIPartyName,
    uniformResourceIdentifier  [6] IA5String,
    iPAddress                  [7] OCTET STRING,
    registeredID               [8] OBJECT IDENTIFIER }
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